Solana is fast, cheap, and full of opportunities — but also full of phishing links, fake tokens, and scam dApps. In 2025, most serious losses don’t come from “hacking the blockchain,” they come from users making small security mistakes.
This checklist is designed to help you protect your Solana wallet step by step, whether you use Phantom, Solflare, Backpack, Glow, or any other Solana wallet.
If you follow most of the items below, you’re already ahead of the majority of users in terms of security.
✅ 1. Seed Phrase & Private Key — Your Master Key
Your seed phrase (recovery phrase) is the single most important part of your wallet. Anyone with it can empty your funds; if you lose it, nobody can help you recover them.
🔲 1.1 Stored Offline Only
- Write your seed phrase on paper or metal, not in:
- Screenshots
- Cloud notes (iCloud, Google Drive, Notion, Evernote)
- Email or chat apps
- Keep it in a secure, offline location (safe, lockbox, etc.).
🔲 1.2 Multiple Backups, Different Places
- Make 2–3 copies stored in different physical locations:
- Home safe
- Safety deposit box
- Trusted family location
- Never store all copies in the same drawer next to your PC.
🔲 1.3 Never Share, Never Type It Online
- No support team, admin, or “airdrop bot” will ever need your seed phrase.
- If any website, dApp, or person asks for your seed phrase → it’s a scam.
- Even hardware wallet security checklists say: there’s no valid reason anyone needs your seed phrase.
✅ 2. Device Hygiene — Secure the Environment First
Even the safest wallet is useless if your phone or laptop is compromised.
🔲 2.1 Updated OS & Browser
- Keep your phone, desktop OS, and browser updated.
- Security patches fix known vulnerabilities that malware relies on.
🔲 2.2 Strong Passwords & Screen Lock
- Use unique, long passwords for:
- Device login
- App store accounts
- Enable:
- Screen lock / biometric unlock
- Auto-lock with short timeout (e.g., 1–5 minutes)
🔲 2.3 No Random Extensions / Apps
- Remove browser extensions you don’t use — extensions can read your pages, including wallet UIs.
- Only install wallet extensions/apps from official links (e.g., phantom.com, solflare.com).
🔲 2.4 Consider a “Crypto-Only” Device
- For higher security, use:
- One phone or laptop only for wallets and exchanges
- No games, torrents, cracked software, or unknown links
- This reduces the chance of malware/keyloggers.
✅ 3. Hot Wallet vs Cold Wallet — Use Them for Different Jobs
Think of wallets like cash vs bank vault:
- Hot wallet (Phantom, Solflare, Backpack, Glow) → like cash in your pocket
- Cold/hardware wallet (Ledger, Trezor, Keystone, etc.) → like a safe or vault
🔲 3.1 Keep Only Working Capital in Hot Wallets
- Hot wallets are for:
- Daily trading
- Airdrops
- DEX / NFT activity
- Keep in them only what you can afford to lose if compromised.
🔲 3.2 Use Hardware Wallets for Long-Term Holdings
- For large SOL balances or valuable NFTs:
- Store them in a hardware wallet (cold storage).
- Connect Ledger/Trezor/Keystone to Phantom or Solflare for a good combo: hardware security + nice UI.
🔲 3.3 Separate “Vault” and “Burner” Wallets
- Vault wallet:
- Hardware-backed
- Used for long-term holdings
- Never connects to random new dApps
- Burner wallet:
- Small balance
- Used for mints, airdrops, degen trading, testing new protocols
This separation is recommended by multiple security guides as a simple but powerful risk reduction method.
✅ 4. Phishing & Fake dApps — Biggest Real-World Threat
Solana has become a hot target for phishing. A 2025 study (SolPhishHunter) found thousands of phishing transactions on Solana, causing over $1M in losses.
🔲 4.1 Always Check URLs
- Bookmark official sites:
- jup.ag (Jupiter)
- raydium.io
- orca.so
- phantom.com / solflare.com / backpack.app
- Never click DApp links from:
- Random Twitter/X replies
- Telegram DMs
- Airdrop spam emails
🔲 4.2 Verify Token Contracts
- Before buying a new token:
- Get the mint address from the project’s official website/Discord or a reputable aggregator.
- Avoid tokens with almost identical names/symbols.
- Fake tokens are a common way to trick users on DEXes.
🔲 4.3 Be Skeptical of “Support” Messages
- No legit wallet or exchange support will DM you first.
- Never share:
- Seed phrase
- Private key
- Screenshot of wallet secret info
If someone insists they need it “to help recover your funds” → it’s 100% a scam.
✅ 5. Transaction & Permission Safety on Solana
Solana’s transaction model is slightly different from Ethereum, and phishing on Solana can look unusual compared to what users are used to on EVM chains.
🔲 5.1 Read Before You Sign
- Check:
- The program / dApp requesting the signature
- The token and exact amount being transferred
- Whether it’s a “transfer”, “approval”, or something strange
If you don’t understand what you’re signing → cancel and research.
🔲 5.2 Regularly Review & Revoke Permissions
- Over time, you grant many dApps permission to move tokens or NFTs.
- Use tools or wallet features to:
- Review active approvals
- Revoke those you no longer use
This reduces the blast radius if a protocol is later exploited.
🔲 5.3 Use Explorers to Verify
- After big or unusual transactions:
- Check them on Solscan or SolanaFM
- Confirm recipient addresses and token amounts
- Early spotting of suspicious activity can save the rest of your funds.
✅ 6. Passwords, 2FA & Email Security
Even if your wallet is non-custodial, your email and exchanges matter for on-ramps and backups.
🔲 6.1 Strong, Unique Passwords
- Use a password manager (Bitwarden, 1Password, etc.).
- Create long passwords (16+ characters) with random characters.
🔲 6.2 2FA on Exchanges & Custodial Apps
- For centralized exchanges and custodial services:
- Enable TOTP-based 2FA (Google Authenticator, Authy)
- Avoid SMS codes when possible
- This reduces account takeover risk if your email is compromised.
🔲 6.3 Email Hygiene
- Use a separate email for crypto if possible.
- Enable 2FA on that email.
- Be cautious with password reset links and “suspicious login” mails.
✅ 7. Software Updates & Security Mindset
🔲 7.1 Keep Wallets & Apps Updated
- Wallet teams frequently patch:
- Security issues
- Scam detection
- Better warnings and UX protections
Update:
- Wallet extensions
- Mobile wallet apps
- Hardware wallet firmware
🔲 7.2 Stay Informed About New Attack Patterns
- Solana-specific research shows new phishing methods (SolPhish) that exploit Solana’s unique transaction design.
- Follow:
- Official wallet blogs (Phantom, Solflare, Backpack)
- Reputable security accounts
- Exchange or project announcements
One good rule: if you’re about to approve something and feel a bit of anxiety — stop and double-check. Even Ledger’s own security checklist stresses listening to that “something feels off” instinct.
✅ 8. Quick “Pre-Degen” Checklist Before You Ape into Anything
Before you buy a new meme coin or connect to a new Solana dApp:
- Using burner wallet?
- Yes / No
- Seed phrase backed up offline?
- Yes / No
- URL verified and bookmarked?
- Yes / No
- Token mint verified from official source?
- Yes / No
- Amount you’re risking is acceptable to lose?
- Yes / No
If you hit “No” on more than one of these, you’re not ready to ape into it.
Final Thoughts: Security Is a Habit, Not a One-Time Setup
Solana’s speed and low fees are incredible, but they also mean you can lose money very quickly if you sign the wrong transaction or connect the wrong wallet.
If you remember only three things from this article, let them be:
- Your seed phrase is sacred — offline only, never shared.
- Use separate wallets: vault (hardware) vs burner (daily / airdrops / degen).
- Read what you sign — and if in doubt, don’t sign.
Follow this checklist and you’ll be among the relatively small group of Solana users who not only know how to trade and farm — but know how to keep what they earn.